Contents QoS overview 1 Introduction to QoS 1 QoS service models 1 Best-effort service model 1 IntServ model 1 DiffServ model 2 QoS techniques overview 2 Deploying QoS in a network 2 QoS processing flow in a device 3 QoS configuration approaches 4 QoS configuration approach overview 4 MQC approach 4 Non-MQC approach 4 Configuring a QoS policy 4 Defining a class 5 Defining a traffic behavior 5 Defining a policy 6 Applying the QoS policy 6 Displaying and maintaining QoS policies 9 Configuring priority mapping 11 Overview 11 Introduction to priority mapping 11 Introduction to priorities 11 Priority mapping tables 11 Priority mapping configuration tasks 12 Configuring priority mapping 12 Configuring a priority mapping table 12 Configuring a port to trust packet priority for priority mapping 14 Changing the port priority of an interface 15 Configuring primap 15 Displaying and maintaining priority mapping 17 Priority mapping configuration example 17 Network requirements 17 Configuration procedure 18 Configuring traffic policing and traffic shaping 19 Overview 19 Traffic evaluation and token buckets 19 Traffic policing 20 Traffic shaping 21 Configuring traffic policing 22 Configuring GTS 22 Displaying and maintaining traffic policing and GTS 23 Configuring congestion management 24 Overview 24 Causes, impacts, and countermeasures of congestion 24 Congestion management policies 24 Congestion management technique comparison 27 i
Configuring WFQ 29 Configuration procedure 29 WFQ configuration example 30 Configuring CBQ 30 Defining a class 30 Defining a traffic behavior 30 Defining a QoS policy 32 Applying the QoS policy 33 Displaying and maintaining CBQ 33 CBQ configuration example 33 Configuring hardware congestion management 37 Overview 37 Causes, impacts, and countermeasures 37 Congestion management techniques 37 Hardware congestion management configuration approaches 40 Configuring per-queue hardware congestion management 41 Configuring SP queuing 41 Configuring WFQ queuing 42 Configuring WFQ queuing 43 Configuring hardware congestion management with queue scheduling profiles 44 Introduction to queue scheduling profile 44 Configuring a queue scheduling profile 44 Displaying and maintaining queue scheduling profiles 45 Queue scheduling profile configuration example 45 Configuring CBQ 46 CBQ configuration task list 46 Defining a class 47 Defining a traffic behavior 47 Defining a QoS policy 49 Applying the QoS policy 49 Displaying and maintaining CBQ 50 CBQ configuration example 50 Configuring congestion avoidance 54 Overview 54 Introduction to WRED configuration 55 WRED configuration approaches 55 Introduction to WRED parameters 55 Configuring WRED on an interface 55 Configuration procedure 55 Configuration example 56 Applying a WRED table on an interface 56 Displaying and maintaining WRED 57 WRED configuration example 57 Network requirements 57 Configuration procedure 57 Configuring traffic filtering 59 Configuration procedure 59 Traffic filtering configuration restrictions 60 Traffic filtering configuration example 60 Network requirements 61 Configuration procedure 61 ii
Configuring protocol packet rate limiting 62 Overview 62 Configuration procedure 62 Protocol packet rate limiting configuration example 63 Network requirements 63 Configuration procedures 63 Configuring priority marking 65 Overview 65 Configuration procedure 65 Priority marking configuration example 66 Network requirements 66 Configuration procedure 66 Configuring traffic redirecting 69 Overview 69 Configuration restrictions and guidelines 69 Configuration procedure 70 Traffic redirecting configuration example 70 Network requirements 70 Configuration procedure 71 Configuring global CAR 73 Overview 73 Configuring aggregate CAR 73 Configuration procedure 73 Configuration example 73 Configuring class-based accounting 75 Overview 75 Configuration procedure 75 Displaying and maintaining class-based accounting 75 Class-based accounting configuration example 76 Network requirements 76 Configuration procedure 76 Configuring traffic accounting 78 Overview 78 Configuration procedure 78 Displaying and maintaining traffic accounting 79 Configuring enhanced QoS 1 Configuring the QoS pipe mode 2 Overview 2 Configuration procedure 2 Appendix 3 Appendix A Acronym 3 Appendix B Default priority mapping tables 4 Introduction to priority mapping tables 4 Introduction to colored priority mapping tables 6 Appendix C Introduction to packet precedences 9 IP precedence and DSCP values 9 802.1p priority 10 EXP values 11 iii
QoS overview For more information about the subcards and Ethernet interface cards mentioned in this document, see the installation guide for the product. Introduction to QoS In data communications, Quality of Service (QoS) is the ability of a network to provide differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate. Network resources are scarce. The contention for resources requires that QoS prioritize important traffic flows over trivial ones. For example, when bandwidth is fixed, more bandwidth for one traffic flow means less bandwidth for the other traffic flows. When making a QoS scheme, you must consider the characteristics of various applications to balance the interests of diversified users and to utilize network resources. The following section describes some typical QoS service models and widely used, mature QoS techniques. QoS service models Best-effort service model Best effort is a single-service model and also the simplest service model. In the best-effort service model, the network does its best to deliver packets, but does not guarantee delay or reliability. The best-effort service model is the default model in the Internet and applies to most network applications. It uses the first in first out (FIFO) queuing mechanism. IntServ model The integrated service (IntServ) model is a multiple-service model that can accommodate diverse QoS requirements. It provides the most granularly differentiated QoS by identifying and guaranteeing definite QoS for each data flow. In the IntServ model, an application must request service from the network before it sends data. IntServ signals the service request with the Resource Reservation Protocol (RSVP). All nodes receiving the request reserve resources as requested and maintain state information for the application flow. The IntServ model demands high storage and processing capabilities because it requires all nodes along the transmission path to maintain resource state information for each flow. The model is suitable for small-sized or edge networks, but not large-sized networks, for example, the core layer of the Internet, where billions of flows are present. For more information about RSVP, see MPLS Configuration Guide. 1
DiffServ model The differentiated service (DiffServ) model is a multiple-service model that can meet diverse QoS requirements. It is easy to implement and extend. DiffServ does not signal the network to reserve resources before sending data, as IntServ does. All QoS techniques in this document are based on the DiffServ model. QoS techniques overview The QoS techniques include traffic classification, traffic policing, traffic shaping, line rate, congestion management, and congestion avoidance. The following sections briefly introduce these QoS techniques. Deploying QoS in a network Figure 1 Position of the QoS techniques in a network As shown in Figure 1, traffic classification, traffic shaping, traffic policing, congestion management, and congestion avoidance mainly implement the following functions: Traffic classification uses certain match criteria to assign packets with the same characteristics to a class. Based on classes, you can provide differentiated services. Traffic policing polices flows entering or leaving a device, and imposes penalties on traffic flows that exceed the pre-set threshold to prevent aggressive use of network resources. You can apply traffic policing to both incoming and outgoing traffic of a port. Traffic shaping proactively adapts the output rate of traffic to the network resources available on the downstream device to eliminate packet drops. Traffic shaping usually applies to the outgoing traffic of a port. Congestion management provides a resource scheduling policy to determine the packet forwarding sequence when congestion occurs. Congestion management usually applies to the outgoing traffic of a port. 2
Congestion avoidance monitors the network resource usage, and is usually applied to the outgoing traffic of a port. When congestion worsens, congestion avoidance reduces the queue length by dropping packets. QoS processing flow in a device Figure 2 briefly describes how the QoS module processes traffic: 1. Traffic classifier identifies and classifies traffic for subsequent QoS actions. 2. The QoS module takes various QoS actions on classified traffic as configured, depending on the traffic processing phase and network status. For example, you can configure the QoS module to perform traffic policing for incoming traffic, traffic shaping for outgoing traffic, congestion avoidance before congestion occurs, and congestion management when congestion occurs. Figure 2 QoS processing flow Tokens Drop Classify the traffic CAR Remark Other proce ssing Packets received on the interface Classification Token bucket Traffic policing Priority marking Toekn Drop Drop Enqueue Queue 0 Dequeue Classify the traffic CAR GTS Other proces sing WRED Queuing Queue 1 Queue 2 Packets to be sent out the interface Classification Token bucket Traffic policing Traffic shaping Congestion avoidance Queue N Queues Congestion management Transmit 3
QoS configuration approaches QoS configuration approach overview You can configure QoS in these approaches: MQC approach Non-MQC approach Some features support both approaches, but some support only one. MQC approach In the modular QoS configuration (MQC) approach, you configure QoS service parameters by using QoS policies. A QoS policy defines the shaping, policing, or other QoS actions to take on different classes of traffic. It is a set of class-behavior associations. A class is a set of match criteria for identifying traffic, and it uses the AND or OR operator: If the operator is AND, a packet must match all the criteria to match the class. If the operator is OR, a packet matches the class if it matches any of the criteria in the class. A traffic behavior defines a set of QoS actions to take on packets, such as priority marking and redirect. By associating a traffic behavior with a class in a QoS policy, you apply the specific set of QoS actions to the class of traffic. Non-MQC approach In the non-mqc approach, you configure QoS service parameters without using a QoS policy. For example, you can use the line rate feature to set a rate limit on an interface without using a QoS policy. Configuring a QoS policy Figure 3 shows how to configure a QoS policy. 4
Figure 3 QoS policy configuration procedure Defining a class Step Command Remarks 1. Enter system view. system-view N/A By default, the operator of a class is AND. 2. Create a class and enter class view. 3. Configure match criteria. traffic classifier tcl-name [ operator { and or } ] if-match match-criteria The operator of a class can be AND or OR. AND A packet is assigned to a class only when the packet matches all the criteria in the class. Using AND as the operator in a class, you must make sure no conflict exists between the if-match clauses or the parameters in each if-match clause, and you can configure only one ACL for the class. OR A packet is assigned to a class if it matches any of the criteria in the class. For more information, see the if-match command in ACL and QoS Command Reference. Defining a traffic behavior A traffic behavior is a set of QoS actions (such as traffic filtering, shaping, policing, and priority marking) to take on a class of traffic. To define a traffic behavior: 5
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a traffic behavior and enter traffic behavior view. traffic behavior behavior-name N/A 3. Configure actions in the traffic behavior. See the subsequent chapters, depending on the purpose of the traffic behavior: traffic policing, traffic filtering, traffic redirecting, priority marking, traffic accounting, and so on. Defining a policy You associate a behavior with a class in a QoS policy to perform the actions defined in the behavior for the class of packets. To associate a class with a behavior in a policy: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a policy and enter policy view. 3. Associate a class with a behavior in the policy. qos policy policy-name classifier tcl-name behavior behavior-name N/A Repeat this step to create more class-behavior associations. IMPORTANT: When an ACL is referenced by a QoS policy for traffic classification, the deny action in an ACL rule means not to execute the behavior of the corresponding class-behavior association, and the permit action in an ACL rule means to execute the behavior of the corresponding class-behavior association. Applying the QoS policy You can apply a QoS policy to the following destinations: An interface The policy takes effect on the traffic sent or received on the interface. A VLAN The policy takes effect on the traffic sent or received on all ports in the VLAN. Globally The policy takes effect on the traffic sent or received on all ports. Control plane The policy takes effect on the traffic sent on the control plane. Configuration restrictions and guidelines You can apply a QoS policy to the control plane of only an Ethernet interface card. You can modify classes, behaviors, and class-behavior associations in a QoS policy even after it is applied. If a class references an ACL for traffic classification, you can delete or modify the ACL (such as add rules to, delete rules from, and modify rules of the ACL). Global QoS policies, interface QoS policies, and VLAN QoS policies are in the descending order of priority when being used to match packets. Global QoS policies and VLAN QoS policies will be applied to all interface cards. If the hardware resources of an interface card are insufficient, applying a global or VLAN-based QoS policy will 6
fail on the interface card. In this case, the system does not automatically roll back the QoS policy configuration already applied to the main processing unit or other interface cards. To ensure consistency, you must manually remove the QoS policy configuration applied to them. Do the same procedure if a global or VLAN-based QoS policy fails to update on an interface card after being dynamically modified. Applying the QoS policy to an interface A policy can be applied to multiple interfaces, but only one policy can be applied in one direction (inbound or outbound) of an interface. When you apply a QoS policy to an interface, follow these guidelines: You can apply QoS policies to all physical interfaces but X.25- or LAPB-enabled interfaces. The QoS policy applied to the outgoing traffic on an interface does not regulate local packets, which are critical protocol packets sent by the local system for operation maintenance. The most common local packets include link maintenance, routing (IS-IS, BGP, and OSPF for example), RIP, LDP, RSVP, and SSH packets. A QoS policy to be applied to a logical RPR interface can be configured with only the filter action or mirror-to action. For more information about logical RPR interfaces, see High Availability Configuration Guide. For more information about the mirror-to action, see Network Management and Monitoring Configuration Guide. To apply the QoS policy to an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view or port group view. Enter interface view: interface interface-type interface-number Enter port group view: port-group manual port-group-name Use either command. Settings in interface view take effect on the current interface. Settings in port group view take effect on all ports in the port group. 3. Apply the policy to the interface or port group. qos apply policy policy-name { inbound outbound } N/A Applying the QoS policy to a VLAN You can apply a QoS policy to a VLAN to regulate traffic of the VLAN. To apply the QoS policy to a VLAN: Step Command 1. Enter system view. system-view 2. Apply the QoS policy to VLANs. qos vlan-policy policy-name vlan vlan-id-list { inbound outbound } 7
NOTE: QoS policies cannot be applied to dynamic VLANs, for example, VLANs created by GVRP. VLAN QoS policies are applied globally to all interface cards. If the hardware resources of an interface card are insufficient, applying a QoS policy to VLANs will fail on the interface card. The system does not automatically roll back the QoS policy configuration already applied to the main processing unit or other interface cards. To ensure consistency, use the undo qos vlan-policy vlan command to manually remove the QoS policy configuration applied to them. Applying the QoS policy globally You can apply a QoS policy globally to the inbound or outbound direction of all ports. To apply the QoS policy globally: Step Command 1. Enter system view. system-view 2. Apply the QoS policy globally. qos apply policy policy-name global { inbound outbound } NOTE: If the hardware resources of an interface card are insufficient, applying a QoS policy globally will fail on the interface card. The system does not automatically roll back the QoS policy configuration already applied to the main processing unit or other interface cards. To ensure consistency, you must use the undo qos apply policy global command to manually remove the QoS policy configuration applied to them. Applying the QoS policy to the control plane When you apply the QoS policy to the control plane, follow these restrictions and guidelines: You can apply a QoS policy to the control plane of only an Ethernet interface card. By default, the switch is configured with pre-defined control plane policies, which take effect on the control planes by default. A pre-defined control plane QoS policy uses the system-index to identify the type of packets sent to the control plane. You can reference system-indexes in if-match commands in class view for traffic classification and then re-configure traffic behaviors for these classes as required. You can use the display qos policy control-plane pre-defined command to display them. When you apply a QoS policy to the control plane of the slot where the IRF port resides, if a class in the QoS policy uses an Ethernet frame header ACL configured with rule permit to match all packets, do not configure car cir or filter deny in the behavior associated with the class. Otherwise, the IRF might split, and the switch cannot work correctly. The packets entering a device can be processed by the data plane or the control plane. The units at the data plane are responsible for receiving, transmitting, and switching (forwarding) packets, such as various dedicated forwarding chips. They deliver super processing speeds and throughput. The units at the control plane are processing units running most routing and switching protocols and responsible for protocol packet resolution and calculation, such as CPUs. Compared with data plane units, they allow for great packet processing flexibility but have lower throughput. When the data plane receives packets that it cannot recognize or process, it transmits them to the control plane. If the transmission rate exceeds the processing capability of the control plane, which very likely 8
occurs at times of DoS attacks, the control plane will be busy handling undesired packets and fail to handle packets correctly or timely. As a result, protocol performance is affected. To address this problem, apply a QoS policy to the control plane to take QoS actions such as traffic filtering or rate limiting on inbound traffic, ensuring that the control plane can receive, transmit, and process packets properly. To apply the QoS policy to the control plane: Step Command 1. Enter system view. system-view 2. Enter control plane view. In standalone mode: control-plane slot slot-number In IRF mode: control-plane chassis chassis-number slot slot-number 3. Apply the QoS policy to the control plane. qos apply policy policy-name inbound Displaying and maintaining QoS policies Task Command Remarks Display traffic class configuration. Display traffic behavior configuration. Display user-defined QoS policy configuration. Display QoS policy configuration on the specified or all interfaces. Display VLAN QoS policy configuration (in standalone mode). Display VLAN QoS policy configuration (in IRF mode). Display information about QoS policies applied globally (in standalone mode). Display information about QoS policies applied globally (in IRF mode). display traffic classifier user-defined [ tcl-name ] [ { begin exclude include } regular-expression ] display traffic behavior user-defined [ behavior-name ] [ { begin exclude include } regular-expression ] display qos policy user-defined [ policy-name [ classifier tcl-name ] ] [ { begin exclude include } regular-expression ] display qos policy interface [ interface-type interface-number ] [ inbound outbound ] [ { begin exclude include } regular-expression ] display qos vlan-policy { name policy-name vlan vlan-id } [ slot slot-number ] [ inbound outbound ] [ { begin exclude include } regular-expression ] display qos vlan-policy { name policy-name vlan [ vlan-id ] } [ chassis chassis-number slot slot-number ] [ inbound outbound ] [ { begin exclude include } regular-expression ] display qos policy global [ slot slot-number ] [ inbound outbound ] [ { begin exclude include } regular-expression ] display qos policy global [ chassis chassis-number slot slot-number ] [ inbound outbound ] [ { begin exclude include } regular-expression ] Available in any view. Available in any view. Available in any view. Available in any view. Available in any view. Available in any view. Available in any view. Available in any view. 9
Task Command Remarks Display information about QoS policies applied to a control plane on (in standalone mode). Display information about pre-defined QoS policies applied to the control plane (in IRF mode). Display information about pre-defined QoS policies applied to a control plane (in standalone mode). Display information about pre-defined QoS policies applied to a control plane (in IRF mode). Clear VLAN QoS policy statistics. Clear the statistics for a QoS policy applied globally. Clear the statistics for the QoS policy applied to a control plane (in standalone mode). Clear the statistics for the QoS policy applied to a control plane (in IRF mode). display qos policy control-plane slot slot-number [ inbound ] [ { begin exclude include } regular-expression ] display qos policy control-plane chassis chassis-number slot slot-number [ inbound ] [ { begin exclude include } regular-expression ] display qos policy control-plane pre-defined slot slot-number [ { begin exclude include } regular-expression ] display qos policy control-plane pre-defined chassis chassis-number slot slot-number [ { begin exclude include } regular-expression ] reset qos vlan-policy [ vlan vlan-id ] [ inbound outbound ] reset qos policy global [ inbound outbound ] reset qos policy control-plane slot slot-number [ inbound ] reset qos policy control-plane chassis chassis-number slot slot-number [ inbound ] Available in any view. Available in any view. Available in any view. Available in any view. Available in user view. Available in user view. Available in user view. Available in user view. NOTE: To clear statistics for an interface, use the reset counters interface command. For more information about the reset counters interface command, see Interface Command Reference. 10
Configuring priority mapping Overview Introduction to priority mapping When a packet arrives, a device assigns a set of QoS priority parameters to the packet based on a certain priority field carried in the packet or the port priority of the incoming port, depending on your configuration. This process is called "priority mapping". During this process, the device can modify the priority of the packet depending on device status. The set of QoS priority parameters decides the scheduling priority and forwarding priority of the packet. Priority mapping is implemented with priority mapping tables and involves priorities such as 802.11e priority, 802.1p priority, DSCP, EXP, IP precedence, local precedence, and drop precedence. Introduction to priorities Priorities include the following types: priorities carried in packets, and priorities locally assigned for scheduling only. The packet carried priorities include 802.1p priority, DSCP precedence, IP precedence, EXP, and so on. These priorities have global significance and affect the forwarding priority of packets across the network. For more information about these priorities, see "Appendix." The locally assigned priorities have only local significance. They are assigned by the device for scheduling only. These priorities include the local precedence, drop precedence, and user precedence, as follows. Local precedence is used for queuing. A local precedence value corresponds to an output queue. A packet with higher local precedence is assigned to a higher priority output queue to be preferentially scheduled. Drop precedence is used for making packet drop decisions. Packets with the highest drop precedence are dropped preferentially. User precedence is the precedence that the device automatically extracts from a certain priority field of the packet according to its forwarding path. The user precedence represents the 802.1p precedence for Layer-2 packets, the IP precedence for Layer-3 packets, and the EXP precedence for MPLS packets. Priority mapping tables The device provides various types of priority mapping tables, or rather, priority mappings. By looking up a priority mapping table, the device decides which priority value is to assign to a packet for subsequent packet processing. The default priority mapping tables (as shown in Appendix B Default priority mapping tables) are available for priority mapping. They are adequate in most cases. If a default priority mapping table cannot meet your requirements, you can modify the priority mapping table as required. 11
Priority mapping configuration tasks You can configure priority mapping in any of the following approaches: Configuring priority trust mode. In this approach, you can configure a port to look up a certain priority, 802.1p for example, in incoming packets, in the priority mapping tables. If no packet priority is trusted, the port priority of the incoming port is used. Changing port priority. By default, all ports are assigned the port priority of zero. By changing the port priority of a port, you change the priority of the incoming packets on the port. Configuring a QoS policy containing the priority mapping (simply called "primap") action with the primap command. Perform these tasks to configure priority mapping: Task Configuring a priority mapping table Configuring a port to trust packet priority for priority mapping Changing the port priority of an interface Configuring primap Remarks Optional. Optional. Optional. Optional. Configuring priority mapping Configuring a priority mapping table Configuring an uncolored priority mapping table The device provides the following types of uncolored priority mapping table. dot1p-dot1p 802.1p-to-802.1p mapping table. dot1p-dp 802.1p-to-drop mapping table. dot1p-dscp 802.1p-to-DSCP mapping table. dot1p-exp 802.1p-to-EXP mapping table. dot1p-lp 802.1p-to-local mapping table. dscp-dot1p DSCP-to-802.1p mapping table, which applies to only IP packets. dscp-dp DSCP-to-drop mapping table, which applies to only IP packets. dscp-dscp DSCP-to-DSCP mapping table, which applies to only IP packets. dscp-exp DSCP-to-EXP mapping table. dscp-lp DSCP-to-local mapping table, which applies to only IP packets. exp-dot1p EXP-to-802.1p mapping table. exp-dp EXP-to-drop mapping table. exp-dscp EXP-to-DSCP mapping table. 12
exp-lp EXP-to-local mapping table. up-dp User-to-drop mapping table. up-fc User-to-forwarding-class mapping table. up-lp User-to-local mapping table. up-rpr User-to-RPR mapping table. up-up User-to-user mapping table. To configure an uncolored priority mapping table: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter priority mapping table view. 3. Configure the priority mapping table. qos map-table { { inbound { dot1p-dot1p dot1p-dp dot1p-dscp dot1p-exp dot1p-lp dscp-dot1p dscp-dp dscp-dscp dscp-exp dscp-lp exp-dot1p exp-dp exp-dscp exp-lp up-lp up-up } } { outbound { up-lp up-dp up-fc up-rpr } } } import import-value-list export export-value N/A Newly configured mappings overwrite the old ones. Configuring a colored priority mapping table Packets processed by CAR are colored green, yellow, or red. To perform priority mapping for packets in different colors, the device provides the following colored priority mapping tables. dot1p-dot1p 802.1p-to-802.1p mapping table. dot1p-dp 802.1p-to-drop mapping table. dot1p-dscp 802.1p-to-DSCP mapping table. dot1p-exp 802.1p-to-EXP mapping table. dot1p-lp 802.1p-to-local mapping table. dscp-dot1p DSCP-to-802.1p mapping table. dscp-dp DSCP-to-drop priority mapping table. dscp-dscp DSCP-to-DSCP mapping table. dscp-exp DSCP-to-EXP mapping table. dscp-lp DSCP-to-local mapping table. exp-dot1p EXP-to-802.1p mapping table. exp-dp EXP-to-drop mapping table. exp-dscp EXP-to-DSCP mapping table. exp-exp EXP-to-EXP mapping table. exp-lp EXP-to-local mapping table. up-dscp User-to-DSCP mapping table. To configure a colored priority mapping table: 13
Step Command Remarks 1. Enter system view. 2. Enter colored priority mapping table view. 3. Configure the colored priority mapping table. system-view qos map-table color { green yellow red } { inbound { dot1p-dot1p dot1p-dp dot1p-dscp dot1p-exp dot1p-lp dscp-dot1p dscp-dp dscp-dscp dscp-exp dscp-lp exp-dot1p exp-dp exp-dscp exp-exp exp-lp } outbound { dot1p-dot1p dot1p-dscp dot1p-exp dscp-dot1p dscp-dscp dscp-exp exp-dot1p exp-dscp exp-exp } up-dscp } import import-value-list export export-value N/A N/A Newly configured mappings overwrite the old ones. Configuring a port to trust packet priority for priority mapping You can configure the device to trust a particular priority field carried in packets for priority mapping on ports or globally. When you configure the trusted packet priority type on an interface or port group, use the following available keywords: auto Automatically selects the priority of each received packet according to packet type for mapping. For Layer 2 packets, 802.1p priority is used; for Layer 3 packets, IP precedence is used; for MPLS packets, EXP is used. dot1p Uses the 802.1p priority of received packets for mapping. dscp Uses the DSCP precedence of received IP packets for mapping. exp Uses the EXP value of received MPLS packets for mapping. To configure the trusted packet priority type on an interface or port group: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view or port group view. 3. Configure the trusted packet priority type for the interface. Enter interface view: interface interface-type interface-number Enter port group view: port-group manual port-group-name qos trust { auto dot1p dscp exp } [ override ] Use either command. Settings in Ethernet interface view take effect on the current interface. Settings in port group view take effect on all ports in the port group. By default, the port priority is trusted for priority mapping. The POS and RPR subcards only support the auto keyword among these keywords. 14
Changing the port priority of an interface If an interface does not trust any packet priority, the device uses its port priority to look for the set of priority parameters for the incoming packets. By changing port priority, you can prioritize traffic received on different interfaces. To change the port priority of an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view or port group view. 3. Set the port priority of the interface. Enter interface view: interface interface-type interface-number Enter port group view: port-group manual port-group-name qos priority { dot1p dp dscp exp lp } priority-value Use either command. Settings in interface view (Ethernet or WLAN-ESS) take effect on the current interface. Settings in port group view take effect on all ports in the port group. The default is 2 for local precedence and 0 for drop precedence. The other priorities do not have defaults. The dot1p, dp, dscp, exp, and lp keywords are available only on Ethernet interface cards. Configuring primap By configuring a primap behavior and associating it with a traffic class, you can re-assign priority parameters for the traffic class according to the specified priority mapping table. Configuring uncolored primap Step Command 1. Enter system view. system-view 2. Create a class and enter class view. traffic classifier tcl-name [ operator { and or } ] 3. Configure match criteria. if-match match-criteria 4. Return to system view. quit 5. Create a traffic behavior and enter traffic behavior view. 6. Configure the action of assigning priority values to packets using a specified priority mapping table. traffic behavior behavior-name primap pre-defined dscp-dscp 7. Return to system view. quit 8. Create a policy and enter policy view. qos policy policy-name 9. Associate the traffic behavior with the class. classifier tcl-name behavior behavior-name 10. Return to system view. quit 15
Step Command 11. Apply the QoS policy. Applying the QoS policy to an interface Applying the QoS policy to a VLAN Applying the QoS policy globally Configuring colored primap Step Command Remarks 1. Enter system view. system-view N/A 2. Create a class and enter class view. traffic classifier tcl-name [ operator { and or } ] N/A 3. Configure match criteria. if-match match-criteria N/A 4. Return to system view. quit N/A 5. Create a traffic behavior and enter traffic behavior view. 6. Configure a CAR action. 7. Configure the action of assigning priority values to packets using a specified colored priority mapping table. 8. Configure the action of assigning drop precedence to packets according to packet color. traffic behavior behavior-name car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ red action ] primap pre-defined color { dot1p-dot1p dot1p-exp dot1p-dp dot1p-dscp dot1p-lp dscp-dot1p dscp-dp dscp-dscp dscp-exp dscp-lp exp-dot1p exp-dp exp-dscp exp-exp exp-lp up-dscp } primap color-map-dp N/A N/A N/A Optional. The packet color-to-drop precedence mappings are fixed to red to 2, yellow to 1, and green to 0. This action can be used only in the inbound direction. 9. Return to system view. quit N/A 10. Create a policy and enter policy view. 11. Associate the traffic behavior with the class. qos policy policy-name classifier tcl-name behavior behavior-name N/A N/A 12. Return to system view. quit N/A 13. Apply the QoS policy. Applying the QoS policy to an interface Applying the QoS policy to a VLAN Applying the QoS policy globally Choose one application destination as needed. 16
Displaying and maintaining priority mapping Task Command Remarks Display priority mapping table configuration. Display colored priority mapping table configuration. Display the trusted packet priority type on a port. display qos map-table [ inbound { dot1p-dot1p dot1p-dp dot1p-dscp dot1p-exp dot1p-lp dscp-dot1p dscp-dp dscp-dscp dscp-exp dscp-lp exp-dot1p exp-dp exp-dscp exp-lp up-lp up-up } outbound { up-dp up-fc up-lp up-rpr } ] [ dot1p-dot1p dot1p-dp dot1p-dscp dot1p-exp dot1p-lp dscp-dot1p dscp-dp dscp-dscp dscp-exp dscp-lp exp-dot1p exp-dp exp-dscp exp-lp up-dp up-fc up-lp up-rpr up-up ] [ { begin exclude include } regular-expression ] display qos map-table color [ [ green yellow red ] [ inbound [ dot1p-dot1p dot1p-dp dot1p-dscp dot1p-exp dot1p-lp dscp-dot1p dscp-dp dscp-dscp dscp-exp dscp-lp exp-dot1p exp-dp exp-dscp exp-exp exp-lp ] outbound [ dot1p-dot1p dot1p-dscp dot1p-exp dscp-dot1p dscp-dscp dscp-exp exp-dot1p exp-dscp exp-exp ] ] up-dscp ] [ { begin exclude include } regular-expression ] display qos trust interface [ interface-type interface-number ] [ { begin exclude include } regular-expression ] Available in any view. Available in any view. Available in any view. Priority mapping configuration example Network requirements As shown in Figure 4, different departments of a company assigned to different VLANs are interconnected on the intranet through the ports of Switch. Configure priority mapping, so that Switch enqueues packets based on the 802.1p priority of packets. The priority mapping table is user-defined. Figure 4 Network diagram 17
Configuration procedure # Enter system view. <Switch> system-view # Enter inbound dot1p-lp priority mapping table view and modify the priority mapping table parameters. [Switch] qos map-table inbound dot1p-lp [Switch-maptbl-in-dot1p-lp] import 0 1 export 0 [Switch-maptbl-in-dot1p-lp] import 2 3 export 1 [Switch-maptbl-in-dot1p-lp] import 4 5 export 2 [Switch-maptbl-in-dot1p-lp] import 6 7 export 3 [Switch-maptbl-in-dot1p-lp] quit # Configure GigabitEthernet 3/0/1 to trust the 802.1p priority. [Switch] interface gigabitethernet 3/0/1 [Switch-GigabitEthernet3/0/1] qos trust dot1p [Switch-GigabitEthernet3/0/1] quit # Configure GigabitEthernet 3/0/2 to trust the 802.1p priority. [Switch] interface gigabitethernet 3/0/2 [Switch-GigabitEthernet3/0/2] qos trust dot1p [Switch-GigabitEthernet3/0/2] quit # Configure GigabitEthernet3/0/3 to trust the 802.1p priority. [Switch] interface gigabitethernet 3/0/3 [Switch-GigabitEthernet3/0/3] qos trust dot1p [Switch-GigabitEthernet3/0/3] quit # Configure GigabitEthernet3/0/4 to trust the 802.1p priority. [Switch] interface gigabitethernet 3/0/4 [Switch-GigabitEthernet3/0/4] qos trust dot1p 18
Configuring traffic policing and traffic shaping Overview Traffic policing and traffic shaping are QoS techniques that help assign network resources, such as bandwidth. They increase network performance and user satisfaction. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic. Traffic policing and generic traffic shaping (GTS) limit the traffic rate and resource usage according to traffic specifications. Once a particular flow exceeds its specifications, such as bandwidth, it is shaped or policed to make sure it conforms to the specifications. You can use token buckets for evaluating traffic specifications. Traffic evaluation and token buckets Token bucket features A token bucket is analogous to a container that holds a certain number of tokens. Each token represents a certain forwarding capacity. The system puts tokens into the bucket at a constant rate. When the token bucket is full, the extra tokens cause the token bucket to overflow. Evaluating traffic with the token bucket A token bucket mechanism evaluates traffic by looking at the number of tokens in the bucket. If the number of tokens in the bucket is enough for forwarding the packets, the traffic conforms to the specification, and is called "conforming traffic." Otherwise, the traffic does not conform to the specification, and is called "excess traffic." A token bucket has the following configurable parameters: Mean rate at which tokens are put into the bucket, which is the permitted average rate of traffic. It is usually set to the committed information rate (CIR). Burst size or the capacity of the token bucket. It is the maximum traffic size permitted in each burst. It is usually set to the committed burst size (CBS). The set burst size must be greater than the maximum packet size. Each arriving packet is evaluated. In each evaluation, if the number of tokens in the bucket is enough, the traffic conforms to the specification and the tokens for forwarding the packet are taken away; if the number of tokens in the bucket is not enough, the traffic is excessive. Complicated evaluation You can set two token buckets, bucket C and bucket E, to evaluate traffic in a more complicated environment and achieve more policing flexibility. For example, traffic policing uses the following parameters: CIR Rate at which tokens are put into bucket C. It sets the average packet transmission or forwarding rate allowed by bucket C. CBS Size of bucket C, which specifies the transient burst of traffic that bucket C can forward. 19
Peak information rate (PIR) Rate at which tokens are put into bucket E, which specifies the average packet transmission or forwarding rate allowed by bucket E. Excess burst size (EBS) Size of bucket E, which specifies the transient burst of traffic that bucket E can forward. CBS is implemented with bucket C, and EBS with bucket E. In each evaluation, packets are measured against the following bucket scenarios: If bucket C has enough tokens, packets are colored green. If bucket C does not have enough tokens but bucket E has enough tokens, packets are colored yellow. If neither bucket C nor bucket E has sufficient tokens, packets are colored red. Traffic policing A typical application of traffic policing is to supervise the specification of certain traffic entering a network and limit it within a reasonable range, or to "discipline" the extra traffic to prevent aggressive use of network resources by a certain application. For example, you can limit bandwidth for HTTP packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing can drop the packets or reset the IP precedence of the packets. Figure 5 shows an example of policing outbound traffic on an interface. Figure 5 Traffic policing Traffic policing is widely used in policing traffic entering the networks of internet service providers (ISPs). It can classify the policed traffic and take pre-defined policing actions on each packet depending on the evaluation result: Forwarding the packet if the evaluation result is "conforming." Dropping the packet if the evaluation result is "excess." Forwarding the packet with its IP precedence re-marked if the evaluation result is "conforming." Delivering the packet to next-level traffic policing with its IP precedence re-marked if the evaluation result is "conforming." Entering the next-level policing (you can set multiple traffic policing levels each focused on specific objects). 20
NOTE: Traffic policing supports policing the inbound traffic and the outbound traffic. Traffic shaping Traffic shaping limits the outbound traffic rate by buffering exceeding traffic. You can use traffic shaping to adapt the traffic output rate on a device to the input traffic rate of its connected device to avoid packet loss. The difference between traffic policing and GTS is that packets to be dropped with traffic policing are retained in a buffer or queue with GTS, as shown in Figure 6. When enough tokens are in the token bucket, the buffered packets are sent at an even rate. Traffic shaping might result in additional delay and traffic policing does not. Figure 6 GTS For example, in Figure 7, Router B performs traffic policing on packets from Router A and drops packets exceeding the limit. To avoid packet loss, you can perform traffic shaping on the outgoing interface of Router A so packets exceeding the limit are cached in Router A. Once resources are released, traffic shaping takes out the cached packets and sends them out. Figure 7 GTS application Router A Router B Physical link NOTE: Traffic shaping supports shaping only the outbound traffic. 21
Configuring traffic policing The switch implements color-aware CAR in traffic policing. For information about the color-aware mode, see RFC 2697. To configure traffic policing: Step Command 1. Enter system view. system-view 2. Create a class and enter class view. traffic classifier tcl-name [ operator { and or } ] 3. Configure match criteria. if-match match-criteria 4. Return to system view. quit 5. Create a behavior and enter behavior view. 6. Configure a traffic policing action. traffic behavior behavior-name car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ red action ] 7. Return to system view. quit 8. Create a policy and enter policy view. 9. Associate the class with the traffic behavior in the QoS policy. qos policy policy-name classifier tcl-name behavior behavior-name 10. Return to system view. quit 11. Apply the QoS policy. Applying the QoS policy to an interface Applying the QoS policy to a VLAN Applying the QoS policy globally Applying the QoS policy to the control plane Configuring GTS IMPORTANT: GTS for software forwarding does not support IPv6. Do not configure GTS on a main interface and its subinterfaces at the same time. You can configure the following types of GTS: Queue-based GTS configuring GTS parameters for packets of a certain queue. GTS for all traffic configuring GTS parameters for all traffic. Configuring queue-based GTS Step Command Remarks 1. Enter system view. system-view N/A 22
Step Command Remarks 2. Enter interface view or port group view. 3. Configure GTS for a queue. Enter interface view: interface interface-type interface-number Enter port group view: port-group manual port-group-name qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size Use either command. Settings in interface view take effect on the current interface. Settings in port group view take effect on all ports in the port group. N/A Configuring GTS for all traffic Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view or port group view. 3. Configure GTS on the interface or port group. Enter interface view: interface interface-type interface-number Enter port group view: port-group manual port-group-name qos gts any cir committed-information-rate [ cbs committed-burst-size ] Use either command. Settings in interface view take effect on the current interface. Settings in port group view take effect on all ports in the port group. N/A Displaying and maintaining traffic policing and GTS Task Command Remarks Display CAR resources usage (in standalone mode). Display CAR resources usage (in IRF mode). Display interface GTS configuration information. display car resource [ slot slot-number ] [ { begin exclude include } regular-expression ] display car resource [ chassis chassis-number slot slot-number ] [ { begin exclude include } regular-expression ] display qos gts interface [ interface-type interface-number ] [ { begin exclude include } regular-expression ] Available in any view. Available in any view. Available in any view. 23
Configuring congestion management Overview Causes, impacts, and countermeasures of congestion Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 8 shows some common congestion scenarios: Figure 8 Traffic congestion causes Congestion can bring the following negative results: Increased delay and jitter during packet transmission Decreased network throughput and resource use efficiency Network resource (memory in particular) exhaustion and system breakdown Congestion is unavoidable in switched networks or multi-user application environments. To improve the service performance of your network, you must take measures to manage and control it. One major issue that congestion management deals with is how to define a resource dispatching policy to prioritize packets for forwarding when congestion occurs. Congestion management policies Queuing is a common congestion management technique. It classifies traffic into queues and picks out packets from each queue by using a certain algorithm. Various queuing algorithms are available, and each addresses a particular network traffic problem. Your choice of algorithm affects bandwidth assignment, delay, and jitter significantly. Congestion management involves queue creating, traffic classification, packet enqueuing, and queue scheduling. Queue scheduling treats packets with different priorities differently to transmit high-priority packets preferentially. This section briefly describes several common queue-scheduling mechanisms. 24
FIFO Figure 9 FIFO queuing Priority queuing As shown in Figure 9, the first in first out (FIFO) uses a single queue and does not classify traffic or schedule queues. FIFO delivers packets depending on their arrival order, with the one arriving earlier scheduled first. The only concern of FIFO is queue length, which affects delay and packet loss rate. On a device, resources are assigned to packets depending on their arrival order and load status of the device. The best-effort service model uses FIFO queuing. FIFO does not address congestion problems. If only one FIFO output/input queue exists on a port, you can hardly ensure timely delivery of mission-critical or delay-sensitive traffic or smooth traffic jitter. The situation gets worsened if malicious traffic is present to occupy bandwidth aggressively. To control congestion and prioritize forwarding of critical traffic, you must use other queue scheduling mechanisms, where multiple queues can be configured. Within each queue, however, FIFO is still used. By default, FIFO queuing is used on interfaces. Figure 10 Priority queuing (PQ) Priority queuing is designed for mission-critical applications. The key feature of mission-critical applications is that they require preferential service to reduce the response delay when congestion occurs. Priority queuing can flexibly determine the order of forwarding packets by network protocol (for example, IP and IPX), incoming interface, packet length, source/destination address, and so on. Priority queuing classifies packets into four queues: top, middle, normal, and bottom, in descending priority order. By default, packets are assigned to the normal queue. Each of the four queues is a FIFO queue. 25